On Tue, Jul 5, 2022 at 02:57:52PM -0700, Noah Misch wrote: > Since having too-permissive ACLs is usually symptom-free, I share your > forecast about the more-common question. Expect questions on mailing lists, > stackoverflow, etc. The right way to answer those questions is roughly this: > > > On PostgreSQL 15, my application gets "permission denied for schema > > public". What should I do? > > You have a choice to make. The best selection depends on the security > needs of your database. See > > https://www.postgresql.org/docs/devel/ddl-schemas.html#DDL-SCHEMAS-PATTERNS > for a guide to making that choice. > > Recommending GRANT to that two-sentence question would be negligent. One > should know a database's lack of security needs before recommending GRANT. > This is a key opportunity to have more users make the right decision while > their attention is on the topic.
Yes, I think it is a question of practicality vs. desirability. We are basically telling people they have to do research to get the old behavior in their new databases and clusters. > > My only stylistic suggestion would be to remove "a" from "a > > <literal>REVOKE</literal>". > > I'll plan to push with that change. WFM. -- Bruce Momjian <br...@momjian.us> https://momjian.us EDB https://enterprisedb.com Indecision is a decision. Inaction is an action. Mark Batterson
